Installed, but not fully secured

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://moresteamentertainment.com/

I ran this command:

It produced this output:

My web server is (include version):c panel

The operating system my web server runs on is (include version):linux, un-known version

My hosting provider, if applicable, is: Godaddy

I can login to a root shell on my machine (yes or no, or I don’t know):Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I have installed correctly on 4 domains, 3 show the secured lock icon in browsers. My main website (new) recently went live, its just a communication portal, I installed the SSL the same way as my other sites, and is verified cert. but this domain shows as not fully secured. I am not that experienced, however, I do suspect the reason is the file structure is different for this particular domain, as it’s files are in the “default” directory, and not like my other sites that all files have a dedicated folder (directory) Does anyone have experience with this issue and know how to correct?? Yes. I have backed up, yes I have access to cpanel quickly, yes have team viewer. kindly HELP. Thank you.

1 Like

A link to an image on line 82 is using HTTP instead of HTTPs

img src=“http://moresteamentertainment.com/wp-content/uploads/2019/11/MSE-low-resolution-MSE-WEBSITE.png” alt=“Emphasizing the Interactive Nature of FUN” id=“logo” data-height-percentage=“84”

Try adding a ‘s’ to that HTTP and see if that resolves it…

Visiting the link directly is unsecure… HOWEVER, adding https:// IS secure… see here

https://moresteamentertainment.com/wp-content/uploads/2019/11/MSE-low-resolution-MSE-WEBSITE.png

Seen this issue more than once now!

Let us know mate!!!

1 Like

OHHH!
Just noticed a few more

line 87 has the same issue with an ahref:

a href=“http://moresteamentertainment.com/” aria-current=“page”>Home<

Line 135

img src=“http://moresteamentertainment.com/wp-content/uploads/2019/11/electrician_04.png” title="" alt="" class=“header-logo” /

line 139 (twice in this line)

a class=“et_pb_button et_pb_custom_button_icon et_pb_more_button et_pb_button_one” href=“http://moresteamentertainment.com/about-us/” data-icon="$">About Usa class=“et_pb_button et_pb_custom_button_icon et_pb_more_button et_pb_button_two” href=“http://moresteamentertainment.com/contact/” data-icon="$">Contact Us

line 161

span class="et_pb_image_wrap "></span

line 173

img src=“http://moresteamentertainment.com/wp-content/uploads/2019/11/awesome-buttons-logo-Largecd.png” alt="" title="" />

line 181

img src=“http://moresteamentertainment.com/wp-content/uploads/2020/01/WOW-Button-copy.png” alt="" title="" />

line 201

img src=“http://moresteamentertainment.com/wp-content/uploads/2020/01/Awesome-buttons-juggling.jpg” alt="" title="

line 209

span class="et_pb_image_wrap ">

line 221

a class=“et_pb_button et_pb_custom_button_icon et_pb_button_0 et_animated et_pb_bg_layout_dark” href=“http://moresteamentertainment.com/learn-more” data-icon="$">Learn More

line 256

img src=“http://moresteamentertainment.com/wp-content/uploads/2019/11/MSE-low-resolution-MSE-WEBSITE.png” alt="" title="

line 320 (twice)

style=“color: #ffffff;” href=“http://moresteamentertainment.com/privacy-policy/”>Privacy Policy | Terms & Conditions

<

line 358 twice

a href=“http://www.elegantthemes.com” title=“Premium WordPress Themes”>Elegant Themes | Powered by a href=“http://www.wordpress.org”>WordPress<

Think i got them all but do check yourself - a find and replace http with https might go along way mate

Add an s in these too and it may fix it?

Let us know

1 Like

You sir are awesome for helping! I will forward this info to my web builder now.

1 Like

haha no worries, glad I can help

Let me know if this fixes the issue! :slight_smile:

1 Like

LuB, kind sir. I tried to contact my web builder, he will be out of town for over a week. And since this is urgent, I logged into word press back end that this site is built on, and installed a plugin that updates the code to https Since I have not a clue how to manually edit myself, I wish I did. The point is now, it got better, but still not fully secured. Can you please do whatever it is that you did before and pin point the code lines that might be still missing the letter s. that way at least I have it narrowed down. Thank you.

1 Like

Okay!

Line 358

href=“http://www.elegantthemes.com” title=“Premium WordPress Themes”>Elegant Themes | Powered by <…a href=“http://www.wordpress.org”>WordPress</a

Both of those urls

Thats all I can see…

1 Like

Okay, this is weird.

When I view page source, the only http links I find are the 2 in the comment above. But when I inspect code(different way to view HTML code) I also see a link in the footer as follows:

a href=“http://krischislett.com/”>Website design by Kris Chislett</a

Not sure why they are showing different code - never seen that.

In anycase, this could still be causing it, make sure all of these are SSL

Cheers

1 Like

Thank you, at least this confirms the plugin I installed helped. Now the hunt begins on how to fix the remaining code. I so dislike being a newbie at anything. Anyway, I sincerely appreciate your help! Maybe ill look on fiverr for someone to edit the remaining lines. :+1: thanks again

1 Like

href values in anchor tags are just links to another site/page. They don’t call for any insecure content to be loaded on the page, so it doesn’t matter whether they are insecure or not. The img src values DO call content, so they do matter. There’s something else pulling insecure content. First screenshot is content calls that return a 404. Second screenshot is content that is being loaded as insecure.

image

image

F12 will bring up the dev panel. Click on the Network tab & you get information on how all your content loads:

EDIT:
Go into your settings in WordPress & make sure the site is logged as https:// instead of http:// WordPress forms the links based on that setting.

2 Likes

Hello ZetaRevan,

Thanks for chiming in and providing this info. I have been at this for hours… cant figure out a fix. I did what you said and made sure I am logged into to wp back end as https, I am. Besides providing the problem, can you provide a solution? I have read so many posts, watched so many videos, that I now have a migraine. I cant locate a solution to the problem, and a how to.

Someone please provide help regarding a how to solution. Thanks

Hi @Six_Tymes

please fix your mixed content - https://check-your-website.server-daten.de/?q=moresteamentertainment.com#html-content-block-1-link

All red - you have to fix.

The css is https. But there are http resources included -> Grade I, content problems.

1 Like

thank you for your assistance sir, MUCH APPRECIATED

I have given up, as I simply do not know how to correct.

I caved and purchased an SSL from godaddy. they said it will fix the mixed content. daunting and so many hours trying to fix on my own, so much time wasted. oh well. that said, on my other sites (3) lets encrypt works fine.

That’s wrong. Mixed content isn’t a certificate problem, that’s a completely wrong answer.

It’s a local configuration problem of your website you have to fix.

You use a content management system, so you have to find the place where this file

https://moresteamentertainment.com/wp-content/et-cache/203375/et-core-unified-203375-1581073345656.min.css

is created. Then you have to change that file or you have to upload the pictures again, now with https instead of http.

PS: Check the #Connections - part of https://check-your-website.server-daten.de/?q=moresteamentertainment.com#connections

The port 443 connections are all secure, the certificate is valid.

2 Likes

Jurgen is right. And when I say check the wp settings, go to settings in your wp Admin console. Where it says site URL, make sure it has https://. I can give a screenshot later. Or message me, and I can go in & help you. I do this kind of stuff for a living (support tech for a web hosting company).

1 Like

Screenshot:

See “WordPress Address” & “Site Address”

Hello Zeta, thanks for the attempt, yes I checked that setting days ago. it was set as https. That said, godaddy has since resolved the problem. As I mentioned in a previous post, I gave up, I was spending many hours with no solution, and then caved and purchased an ssl from godaddy. In just a few minutes the problem was resolved after godaddy ssl install. Oddly, I use zero ssl / let’s encrypt on my other 3 websites awesomebuttons dot com and nsfwbuttons dot com and magicanswerbutton dot com and so far have not experienced any problems with those sites. possibly in the future when godaddy’s ssl expires on my website that had the issue, i’ll then give it another try.